New 2021 Social Engineering Scams

Last Updated on by SCARS Editorial Team

Find Real ScammerScammer A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. & Fake Stolen Photos On ScamsONLINE.org
The SCARSSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS. Scammer Photo Gallery Website
Click Here To Donate To SCARS

New 2021 Social EngineeringSocial Engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests." ScamsScams A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost.

The Old Ones Are Still Active But Fraudsters Are Now Adding More Tools To Their Bag Of Tricks

According To Industry Sources, Cyber-Enabled Criminals Are Constantly Inventing New Attack Types

As scammers apply more institutional knowledge of the internet and online user’s behaviors they adapt their tactics. They are not giving up on the old techniques, but expanding to find more ways to scamScam A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. victims – both individuals and corporations – from their money.

Here are the latest types of socially engineered scams running worldwide:

Social Engineering Against All Users

1: Browser Notification Hijack

Web sites have for several years asked visitors to approve “notifications” from the site. We do that on this website, but we use a reliable and secure partner to manage that (specifically OneSignal – an industry leader). Not all websites do use reliable partners – those that try to do it themselves can be vulnerable.

What was once a useful way to engage with readers and keep them up to date can be compromised and turned into a social engineering tool.

These are called push notifications, and they are valuable, but they can be weaponized on poorly managed websites. The problem is that many users blindly click ‘yes’ to allow these notifications. While many users have learned some level of caution with web browsers, the notifications appear more like system messages from the device itself, rather than the browser.

In our case, we offer that choice, but we also allow you to subscribe to our newsletter so you don’t have to use the push notifications- this is a safer alternative for most websites – unless they know what they are doing.

Once the cybercriminal has a user’s consent, they start inundating them with alert messages – and the messages are usually phishing schemes or scam notifications that contain malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts..

Rule of thumb: if you receive more than a couple of alerts a day – you probably do not want their alerts anyway.

2: Deepfake Recordings

Social engineers are now using deepfakes – very realistic recordings that use artificial intelligenceArtificial intelligence Artificial intelligence (AI) is wide-ranging branch of computer science concerned with building smart machines capable of performing tasks that typically require human intelligence. Machine learning is a subset of Artificial Intelligence. to simulate a specific person’s appearance or voice – to trick victims into divulging information or performing an action that benefits the scammer.

This means they can send better fake videos to victims of romance scams, etc. It also means they can fabricate fake adult intimate videos and photos for sextortion purposes with ease.

Audio deepfakes – in which the cybercriminal uses a “cloned” voice that is nearly indistinguishable from a real person’s voice to create a scam audio recording – are a real growing concern.

One of the earliest successful examples came in 2019, when a fake recording of a CEO’s voice was used to instruct an employee to immediately transfer money to an international account. The recording was left as a voicemail to the subordinate, who obeyed the fraudulent instructions and sent $243,000 to the attackers.

We are seeing criminals use deepfake recordings to company manipulate staff into sending money or offering up private information – only audio recordings so far, but Gerchow believes video deepfakes are just a matter of time. But these are also being used in other kinds of scams, such as romance scams.

Everyone needs to become much smarter and more knowledgeable fast.

3: Malicious QR Codes

QR code-related phishing fraudFraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements. A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim. has become common in the last year.

QR codes – those machine-readable, black-and-white matrix codes arranged in a square – have become an increasingly popular way for companies to engage with consumers and deliver services in the midst of COVID-19. For example, many restaurants have ditched paper menus, and instead, allow patrons to scan a QR code with their smartphone. Similarly, many Girl Scouts posted QR codes for no-contact ordering and delivery of cookies this spring.

Here is the problem – you cannot see what web address the QR Code contains just by looking at it!

Many of the websites that QR codes send people to are operated by third-party vendors. When scanned, a malicious QR code can connect phones to a malicious destination – just like clicking on a bad link. Same concept; new wrapper.

QR Codes that appear on ads or other marketing material can offer everything from a menu, to access to a website, to a chance of winning an Xbox. Always look for a real web address and always be cautious. Only trust reliable sources.

4: Text fraud

Text messages have been a conduit for social engineering scams for a while, but texting tactics becoming very common and frequent.

A large portion of the population prefers communicating via text messages as opposed to the phone.  People are now extremely used to communicating very confidential types of information via text and it comes with risks.

Because grocery and food delivery has grown in the last year, delivery-related scam texts are up.  Other common lures include texts that promise information about COVID stimulus checks that link victims back to a website that looks like the IRSIRS The Internal Revenue Service (IRS) is the revenue & tax service of the United States federal government responsible for collecting taxes and administering the Internal Revenue Code (the main body of federal statutory tax law.) It is part of the Department of the Treasury and led by the Commissioner of Internal Revenue, who is appointed to a five-year term by the President of the United States. The duties of the IRS include providing tax assistance to taxpayers; pursuing and resolving instances of erroneous or fraudulent tax filings; and overseeing various benefits programs. Visit www.IRS.gov to learn more. site and asks for sensitive personal information, such as a birth date and social security number.

If you get a questionable text, look at the sending number – have you seen it before? Do a quick search online and see what shows.

As with QR codes, victims simply have not developed the level of awareness and caution needed.

5: Typosquatting or Lookalike Domains

This is actually not new but has become more sinister in the last year.

A Typo Domain uses common misspellings of a domain name that many people would naturally make. Mostly these have been used to gain ad exposures from people carelessly typing a web address. But increasingly they are used to fool victims in email addresses, or in directing unsuspecting victims to fake or malicious websites.

For example: think Gooogle instead of Google,  or adding a different top-level domain (.uk instead of .co.uk). Unlike the often sloppy versions from earlier days, today these sites may feature sophisticated designs, carefully detailed mimicry of legitimate sites, and sophisticated functionality.

Lookalike domains – are often served up in a business email compromise (BEC) attack. Fraudsters impersonate legitimate domains in order to fool victims into thinking they are in a safe location or that an email is legitimate.

We saw an example of this from a scammer in Australia that used the name of a government anti-scam agency called “ScamWatch” in a domain name to fool scam victims into believing they were dealing with the government investigators. They were asked to pay an investigation fee. SCARS has it shut down in 2019, but criminals persist in creating fake businesses.

A perfect example – can you see what is wrong in this web address?

typo-domain

Social engineering victims are usually tricked into either feeling psychological safety by their choice or into seeking psychological safety in a way that will play into a criminalCriminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues.’s hands.

Criminals set up these sites not only to deliver malware but also to capture credit card information or other sensitive data through fake login fields or other fake forms.

Social Engineering Against Businesses

1: Supply Chain Partner ImpersonationImpersonation An impersonator is someone who imitates or copies the behavior or actions of another. There are many reasons for impersonating someone, such as: part of a criminal act such as identity theft, online impersonation scam, or other fraud. This is usually where the criminal is trying to assume the identity of another, in order to commit fraud, such as accessing confidential information or to gain property not belonging to them. Also known as social engineering and impostors.

Attacks that exploit parts of an organization’s supply chain are now a big problem. This is basically a variation of BEC scams, but scammers now have more than enough money to understand real business processes.

It’s not easy to defend what you can’t see, and you are only as strong as the weakest link. For example, there have been many targeted emails coming in that look like they are from your trusted partners but are in fact bad actors posing as employees you may know within your network.

Always verify, verify, verify. Create a new email from the address in your contact list, or through your connection on LinkedIn. Do not just reply to a message you receive.

These attacks have become even more detailed and sophisticated over time. They will look and sound good.

We see these long, sophisticated attempts to build trust or relationships with a company’s outbound-facing teams whose entire job is to help.

By establishing these trusted relationships, the criminals’ ultimate goal is to make standard social engineering tactics more effective, eliciting help in bypassing security controls, or sending malware or gaining information that will compromise the target company’s systems.

The SolarWinds attack is an example of a supply chain attack – in that case, a specific version called a vendor email compromise attack (VEC) was used. As SolarWinds officials noted, an email account was compromised and used to programmatically access accounts of targeted SolarWinds personnel in business and technical roles.

2: Collaboration Scams

With this social engineering tactic, cybercriminals target professionals in collaborative fields, including designers, developers, and even security researchers. The lure is an invitation that asks them to collaborate on work via an app or website.

Recent pandemic lockdowns and expanded work-from-home increased people’s comfort with remote collaboration, so this tactic fit the times well.

The cybercriminal sends over a Visual Studio Project containing malicious code. The user runs the program, and their device is infected pretty quickly. This attack essentially exploits the desire or need to assist or help others with passion projects.

Obviously, you should never accept or open an email or other attachments from people that you do not know! A never run anything that can be executed on your computer.

These attacks are often well-crafted, showing great attention to detail – but especially for people that live on the web – they should know better!

Criminals posed as active researchers and built social proof documents – with apparent third parties validating their research – using a blog including articles from industry sources as ‘guest posts,’ Twitter accounts, YouTube videos, LinkedIn, Discord, and more, A suspicious victim may be put at ease by this seemingly wide social footprint. But like all things online, don’t trust anyone!

If someone wants to participate in research then do it through a known channel such as RsearchGate.

Scroll to the bottom to leave a comment!

TAGS: SCARS, Information About Scams, Anti-Scam, Scams, Scammers, Fraudsters, Cybercrime, Crybercriminals, Romance Scams, Scam Victims, Online Fraud, Online Crime Is Real Crime, Scam Avoidance, Social Engineering

PLEASE SHARE OUR ARTICLES WITH YOUR FRIENDS & FAMILY

HELP OTHERS STAY SAFE ONLINE – YOUR KNOWLEDGE CAN MAKE THE DIFFERENCE!
THE NEXT VICTIM MIGHT BE YOUR OWN FAMILY MEMBER OR BEST FRIEND!

SCARS the Society of Citizens Against Relationship Scams Incorporated

By the SCARS™ Editorial Team
Society of Citizens Against Relationship ScamsSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS. Inc.

A Worldwide Crime Victims Assistance & Crime Prevention Nonprofit Organization Headquartered In Miami Florida USA & Monterrey NL Mexico, with Partners In More Than 60 Countries
To Learn More, Volunteer, or Donate Visit: www.AgainstScams.org
Contact Us: Contact@AgainstScams.org

The Issue Of Race In Scam Reporting
Click Here To Learn More!

Your Feedback!

Please share your feedback below. Hearing from victims helps us refine our knowledge about scammer’s processes and methods, and then be able to better share factual authoritative information with victims worldwide. Please scroll down and share your thoughts and comments. What you think and experienced matters.

Please Share:

Please share our articles and knowledge with your friends & family. This is important!

Help others stay safe online – your knowledge can make the difference for both those being groomed and victims! The next victim might be your own family member or best friend!

SCARS the Society of Citizens Against Relationship Scams Incorporated

By the SCARS™ Editorial Team
Society of Citizens Against Relationship Scams Inc.

A Worldwide Crime Victims Assistance & Crime Prevention Nonprofit Organization Headquartered In Miami Florida USA & Monterrey NL Mexico, with Partners In More Than 60 Countries
To Learn More, Volunteer, or Donate Visit: www.AgainstScams.org
Contact Us: Contact@AgainstScams.org

Latest & Updated SCARS RomanceScamsNow.com Posts:

European Money Mule Crackdown Continues in 2021!

European Money MuleMoney Mule A money mule sometimes called a "smurfer," is a person who transfers money acquired illegally (e.g., stolen) in person, through a courier service, or electronically, on behalf of others (usually criminals that they are knowingly or unknowingly affiliated). Typically, the mule is paid for services with a small part of the money transferred - but not always. Mules may or may not be aware that they are performing these actions. Money mules are often dupes recruited online for what they think is legitimate employment, not aware that the money they are transferring is the product of crime. The money is transferred from the mule's account to the scam operator, typically in another country. Similar techniques are used to transfer illegal merchandise. Mules can be prosecuted for numerous crimes. Crackdown Continues in 2021! Law Enforcement [...]

New Scam & Cybercrime Reporting Directory

New Scam & CybercrimeCybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. Reporting Directory Something New On [...]

The World Online Is Not Safe For Those That Don’t Know!

REPORT-BLOCK-RECOVER

The Issue Of Race In Scam Reporting
Click Here To Learn More!

FIND SCAMMER PHOTOS ON
SCARSONLINE.ORG

FIND SCARS ON FACEBOOK
CLICK HERE

Disclaimer:

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IN MANY SCARS ARTICLES, WE MENTION TOPICS INCLUDING TRAUMATrauma Emotional and psychological trauma is the result of extraordinarily stressful events that shatter your sense of security, making you feel helpless in a dangerous world. Psychological trauma can leave you struggling with upsetting emotions, memories, and anxiety that won’t go away. It can also leave you feeling numb, disconnected, and unable to trust other people. Traumatic experiences often involve a threat to life or safety or other emotional shocks, but any situation that leaves you feeling overwhelmed and isolated can result in trauma, even if it doesn’t involve physical harm. It’s not the objective circumstances that determine whether an event is traumatic, but your subjective emotional experience of the event. The more frightened and helpless you feel, the more likely you are to be traumatized. Trauma requires treatment, either through counseling or therapy or through trauma-oriented support programs, such as those offered by SCARS., ABUSE, SELF-HARM, SUICIDALITY, RISKY BEHAVIORBehavior   Behavior / Behavioral Actions Otherwise known as habits, behavior or behavioral actions are strategies to help prevent online exploitation that target behavior, such as social engineering of victims. Changing your behavior is the ONLY effective means to reduce or prevent scams., DISORDERS, ADDICTION, AND OTHER PSYCHOLOGICAL CONDITIONS. THE INFORMATION IS NOT A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE. ALWAYS SEEK THE ADVICE OF YOUR PHYSICIAN OR OTHER QUALIFIED HEALTH PROVIDERS WITH ANY QUESTIONS YOU MAY HAVE.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

This content and other material contained on the website, appsApps Applications or Apps An application (software), commonly referred to as an ‘app’ is a program on a computer, tablet, mobile phone or device. Apps are designed for specific tasks, including checking the weather, accessing the internet, looking at photos, playing media, mobile banking, etc. Many apps can access the internet if needed and can be downloaded (used) either for a price or for free. Apps are a major point of vulnerability on all devices. Some are designed to be malicious, such as logging keystrokes or activity, and others can even transport malware. Always be careful about any app you are thinking about installing., newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use

Legal Notices: 

All original content is Copyright © 1991 – 2021 Society of Citizens Against Relationship Scams Inc. (D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|INTERNATION, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support GroupSupport Group In a support group, members provide each other with various types of help, usually nonprofessional and nonmaterial, for a particular shared, usually burdensome, characteristic, such as romance scams. Members with the same issues can come together for sharing coping strategies, to feel more empowered and for a sense of community. The help may take the form of providing and evaluating relevant information, relating personal experiences, listening to and accepting others' experiences, providing sympathetic understanding and establishing social networks. A support group may also work to inform the public or engage in advocacy. They can be supervised or not. SCARS support groups are moderated by the SCARS Team and or volunteers., SCARS ANGELS, SCARS RANGERS, SCARS MARSHALLS, SCARS PARTNERS, are all trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the law firm for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org